Full debug log:


ipapython.ipautil: DEBUG: args=['/usr/bin/certutil', '-d', 'dbm:/tmp/tmpBxKREw', '-V', '-n', "my.real.domain.name.is.here - Let's Encrypt", '-u', 'V', '-f', '/tmp/tmpBxKREw/pwdfile.txt']
ipapython.ipautil: DEBUG: Process finished, return code=0
ipapython.ipautil: DEBUG: stdout=certutil: certificate is valid

ipapython.ipautil: DEBUG: stderr=
ipapython.admintool: DEBUG:   File "/usr/lib/python2.7/dist-packages/ipapython/admintool.py", line 174, in execute
    return_value = self.run()
  File "/usr/lib/python2.7/dist-packages/ipaserver/install/ipa_server_certinstall.py", line 116, in run
    self.replace_http_cert()
  File "/usr/lib/python2.7/dist-packages/ipaserver/install/ipa_server_certinstall.py", line 156, in replace_http_cert
    host_name=api.env.host
  File "/usr/lib/python2.7/dist-packages/ipaserver/install/ipa_server_certinstall.py", line 201, in load_pkcs12
    **kwargs)
  File "/usr/lib/python2.7/dist-packages/ipaserver/install/installutils.py", line 1193, in load_pkcs12
    nssdb.verify_server_cert_validity(key_nickname, host_name)
  File "/usr/lib/python2.7/dist-packages/ipapython/certdb.py", line 858, in verify_server_cert_validity
    cert.match_hostname(hostname)
  File "/usr/lib/python2.7/dist-packages/ipalib/x509.py", line 377, in match_hostname
    values = self.san_a_label_dns_names
  File "/usr/lib/python2.7/dist-packages/ipalib/x509.py", line 357, in san_a_label_dns_names
    gns = self.__pyasn1_get_san_general_names()
  File "/usr/lib/python2.7/dist-packages/ipalib/x509.py", line 350, in __pyasn1_get_san_general_names
    ext['extnValue'], asn1Spec=univ.OctetString())[0]
  File "/usr/lib/python2.7/dist-packages/pyasn1/codec/ber/decoder.py", line 1318, in __call__
    '%s not in asn1Spec: %r' % (tagSet, asn1Spec)

ipapython.admintool: DEBUG: The ipa-server-certinstall command failed, exception: PyAsn1Error: <TagSet object at 0x7f8213de2bd0 tags 0:32:16> not in asn1Spec: <OctetString schema object at 0x7f8213d827d0 tagSet <TagSet object at 0x7f8221816390 tags 0:0:4> encoding iso-8859-1>
ipapython.admintool: ERROR: <TagSet object at 0x7f8213de2bd0 tags 0:32:16> not in asn1Spec: <OctetString schema object at 0x7f8213d827d0 tagSet <TagSet object at 0x7f8221816390 tags 0:0:4> encoding iso-8859-1>
ipapython.admintool: ERROR: The ipa-server-certinstall command failed.

Thank you, when I put the path it looks different, but with a new error :(


<TagSet object at 0x7f0e0fffed50 tags 0:32:16> not in asn1Spec: <OctetString schema object at 0x7f0e0fe17b50 tagSet <TagSet object at 0x7f0e1d9323d0 tags 0:0:4> encoding iso-8859-1>
The ipa-server-certinstall command failed.



On December 23, 2019 at 5:45:51 PM, Florence Blanc-Renaud (flo@redhat.com) wrote:

On 12/23/19 4:52 PM, Petar Kozić via FreeIPA-users wrote:
> Hi folks,
>
> I have one IPA server in production for my small environment. There I
> set the Let’s Encrypt CA root and issued a .p12 cert without problem.
>
> Now, I want to install FreeIPA on a VPS, but I have a problem with the Let’s
> Encrypt SSL cert. I can’t import it.
>
> First, I imported the CA certificates:
>
> ipa-cacert-manage -n DSTRootCAX3 -t C,, install DTSRootCAX3.pem
>
> ipa-cacert-manage -n LetsEncryptX3 -t C,, install ca.cer
>
> ipa-certupdate -v
>
> That’s all ok.
>
> But then I generate a new p12
>
> with command:
>
> openssl pkcs12 -export -in cert.pem -inkey privkey.pem -out ipa.p12
> -certfile fullchain.pem
>
> Then it asks me for a pass and that is all ok.
>
> When I run:
>
> ipa-server-certinstall -w ipa.p12 -v
>
> it asks me for the Directory pass and the pass which I entered in the step above,
> then I get the error:
>
> ipalib.backend: DEBUG: Created connection context.ldap2_140380174158736
> ipapython.ipautil: DEBUG: Starting external process
> ipapython.ipautil: DEBUG: args=['/usr/bin/certutil', '-d',
> '/tmp/tmpauWQ5Z', '-N', '-f', '/tmp/tmpauWQ5Z/pwdfile.txt', '-@',
> '/tmp/tmpauWQ5Z/pwdfile.txt']
> ipapython.ipautil: DEBUG: Process finished, return code=0
> ipapython.ipautil: DEBUG: stdout=
> ipapython.ipautil: DEBUG: stderr=
> ipapython.ipautil: DEBUG: Starting external process
> ipapython.ipautil: DEBUG: args=['/usr/bin/pk12util', '-d',
> 'dbm:/tmp/tmpauWQ5Z', '-i', 'ipa.p12', '-k',
> '/tmp/tmpauWQ5Z/pwdfile.txt', '-v', '-w', '/tmp/tmp66gfLt']
> ipapython.ipautil: DEBUG: Process finished, return code=10
> ipapython.ipautil: DEBUG: stdout=
> ipapython.ipautil: DEBUG: stderr=pk12util: File Open failed: ipa.p12:
> PR_FILE_NOT_FOUND_ERROR: File not found
>
> ipapython.admintool: DEBUG:   File
> "/usr/lib/python2.7/dist-packages/ipapython/admintool.py", line 174, in
> execute
>     return_value = self.run()
>   File
> "/usr/lib/python2.7/dist-packages/ipaserver/install/ipa_server_certinstall.py",
> line 116, in run
>     self.replace_http_cert()
>   File
> "/usr/lib/python2.7/dist-packages/ipaserver/install/ipa_server_certinstall.py",
> line 156, in replace_http_cert
>     host_name=api.env.host
>   File
> "/usr/lib/python2.7/dist-packages/ipaserver/install/ipa_server_certinstall.py",
> line 201, in load_pkcs12
>     **kwargs)
>   File
> "/usr/lib/python2.7/dist-packages/ipaserver/install/installutils.py",
> line 1151, in load_pkcs12
>     raise ScriptError(str(e))
>
> ipapython.admintool: DEBUG: The ipa-server-certinstall command failed,
> exception: ScriptError: Failed to load ipa.p12
> ipapython.admintool: ERROR: Failed to load ipa.p12
> ipapython.admintool: ERROR: The ipa-server-certinstall command failed.
>
>
> Some ideas ?
>
Hi,
Did you try to provide the full path to ipa.p12? Check the file permissions?

flo
> --
> Petar Kozić
> System Administrator
>
> mobile: +381 64 83 44 310
> e-mail: petar.kozic@mint.rs
>
> Mint Services | Jove Ilića 140 | 11000 Beograd | Srbija
>
> _______________________________________________
> FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
> To unsubscribe send an email to freeipa-users-leave@lists.fedorahosted.org
> Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org
>
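An added example (my own stdlib-only code, not FreeIPA's or pyasn1's) that shows what the tag notation in the error above means: pyasn1 prints tags as class:format:number, so `0:32:16` is a constructed universal SEQUENCE and `0:0:4` is a primitive OCTET STRING, and a SAN extnValue is an OCTET STRING wrapping that SEQUENCE of GeneralName. The names and DER bytes below are constructed for the example; it does not say why the installer hit the mismatch, only what the message describes and how a SAN/hostname check reads the same bytes.

```python
# Added example, not FreeIPA or pyasn1 code: a stdlib-only DER walker that labels tags
# the way pyasn1 prints them ("class:format:number", as in the log's 0:32:16 vs 0:0:4)
# and extracts dNSName entries from a SAN extension value for hostname matching.

def read_tlv(data, pos=0):
    """Parse one DER TLV at pos -> ((class, format, number), value_bytes, next_pos)."""
    first = data[pos]
    # class: top two bits (0 universal, 128 context); format: 32 constructed, 0 primitive
    tag = (first & 0xC0, first & 0x20, first & 0x1F)
    if tag[2] == 0x1F:
        raise ValueError("multi-byte tag numbers not needed for SAN, unsupported here")
    length, pos = data[pos + 1], pos + 2
    if length & 0x80:  # long form: low bits give the number of length bytes that follow
        nbytes = length & 0x7F
        length = int.from_bytes(data[pos:pos + nbytes], "big")
        pos += nbytes
    return tag, data[pos:pos + length], pos + length

def san_dns_names(extn_value):
    """extnValue is an OCTET STRING (0:0:4) wrapping a SEQUENCE (0:32:16) of GeneralName."""
    tag, inner, _ = read_tlv(extn_value)
    if tag != (0, 0, 4):
        raise ValueError("expected OCTET STRING 0:0:4, got %d:%d:%d" % tag)
    tag, names, _ = read_tlv(inner)
    if tag != (0, 32, 16):
        raise ValueError("expected SEQUENCE 0:32:16, got %d:%d:%d" % tag)
    out, pos = [], 0
    while pos < len(names):
        tag, value, pos = read_tlv(names, pos)
        if tag == (128, 0, 2):  # dNSName is context-specific [2], primitive
            out.append(value.decode("ascii"))
    return out

def hostname_in_san(extn_value, hostname):
    """Case-insensitive exact match, the check a SAN/hostname validation performs."""
    return hostname.lower() in [n.lower() for n in san_dns_names(extn_value)]

def der_dns_name(host):
    b = host.encode("ascii")
    return bytes([0x82, len(b)]) + b  # [2] IMPLICIT IA5String, short-form length

# Sample extnValue built here for the example (constructed data, not from a real cert).
_general_names = der_dns_name("ipa.example.test") + der_dns_name("www.example.test")
_sequence = bytes([0x30, len(_general_names)]) + _general_names
SAN_EXTN_VALUE = bytes([0x04, len(_sequence)]) + _sequence
```

Passing `_sequence` (the already-unwrapped SEQUENCE) to `san_dns_names` raises the same kind of mismatch the log reports, a 0:32:16 tag where 0:0:4 was required.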